[I] airflow hashicorp vault integration - path with subfolder is not wokring [airflow]

Wed, 10 Apr 2024 08:06:31 -0700 


Gaurang033 opened a new issue, #38901:
URL: https://github.com/apache/airflow/issues/38901

   ### Apache Airflow version
   
   Other Airflow 2 version (please specify below)
   
   ### If "Other Airflow 2 version" selected, which one?
   
   2.5.3
   
   ### What happened?
   
   I am trying to connect hashircorp vault as secret manager. if I am provide 
the config as mentioend below it works, where variables_path doesn't have any 
subfolder. 
   
   `{"connections_path": "connections", "mount_point": "airflow", 
"variables_path": "variables", "config_path": null, "url": "https://xxx.com";, 
"auth_type": "approle", "role_id":"airflow_role", "secret_id":"xxx"}`
   
   However, If I provide subpath for variables or connection it doesn't work. 
   
   ```
   {"connections_path": "test-composer/connections", "mount_point": "airflow", 
"variables_path": "test-composer/variables", "config_path": null, "url": 
"https://xxx.com";, "auth_type": "approle", "role_id":"airflow_role", 
"secret_id":"xxx"}
   ```
   
   following is the policy. 
   ```
   path "airflow/*" {
     capabilities = ["read", "list"]
   }
   path "airflow/test-composer/*" {
     capabilities = ["read", "list"]
   }
   path "airflow/test-composer/variables/*" {
     capabilities = ["read", "list"]
   }
   path "airflow/test-composer/variables/policy_event_variables" {
     capabilities = ["read", "list"]
   }
   ```
   
   
   ### What you think should happen instead?
   
   mount_poing and path should be just concat to create a path to access key 
from hashicorp vault, so not sure why it's not working. 
   
   ### How to reproduce
   
   Add a new secret backend by modifying the configuration. 
   
   **backend**: `airflow.providers.hashicorp.secrets.vault.VaultBackend`
   **backend_kwargs**:  ```{"connections_path": "test-composer/connections", 
"mount_point": "airflow", "variables_path": "test-composer/variables", 
"config_path": null, "url": "https://xxx.com";, "auth_type": "approle", 
"role_id":"airflow_role", "secret_id":"xxx"}```
   
   ### Operating System
   
   gcp composer
   
   ### Versions of Apache Airflow Providers
   
   apache-airflow-providers-apache-beam==5.3.0
   apache-airflow-providers-cncf-kubernetes==7.10.0
   apache-airflow-providers-common-sql==1.8.1
   apache-airflow-providers-dbt-cloud==3.4.1
   apache-airflow-providers-ftp==3.6.1
   apache-airflow-providers-google==10.12.0
   apache-airflow-providers-hashicorp==3.5.0
   apache-airflow-providers-http==4.7.0
   apache-airflow-providers-imap==3.4.0
   apache-airflow-providers-mysql==5.2.0
   apache-airflow-providers-postgres==5.8.0
   apache-airflow-providers-sendgrid==3.3.0
   apache-airflow-providers-sqlite==3.5.0
   apache-airflow-providers-ssh==3.8.1
   
   ### Deployment
   
   Google Cloud Composer
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to